Modern networks are increasingly becoming content aware to improve data delivery and security via content-based network processing. Content-aware processing at the front end of distributed network systems include applications such as application identification for quality of service applications and deep packet inspection for various security application like anti malware. Deep packet inspection (DPI) methodologies are used to match transport layer data with a database of signatures, a predefined pattern that defines an attack. DPI methodologies inspect the payload portions of a data stream and use signatures to be matched along with specific header matches in the traffic stream. Matching signatures in a data stream is computationally a challenging task as the location of the signature could be anywhere in the incoming traffic stream.
In signature matching, the signatures are grouped into subgroups and the grouped signatures are combined to create a finite automaton which is understood by machines and the network traffic is compared with the automata to detect any attack in the network. Finite automata is differentiated into non-deterministic finite automata (NFA) and deterministic finite automata (DFA). Due to the flexibility and scalability of solutions, DFA based solutions are preferred for signature matching in case of deep packet inspection application. However, memory usage of DFAs can be prohibitively large.